Conference papers

SAFEM: Scalable analysis of flows with entropic measures and SVM

Abstract: This paper describes a new approach for detecting large-scale anomalies or malicious events in Netflow records. It allows Internet operators, for whom botnets and spam are major threats, to detect large-scale distributed attacks. The prototype, SAFEM (Scalable Analysis of Flows with Entropic Measures), aggregates Netflow records spatially and temporally and applies entropic measures to the traffic. The aggregation scheme greatly reduces data storage, which makes the approach viable in an Internet Service Provider network.
Document type: Conference papers

https://hal.archives-ouvertes.fr/hal-00734967
Contributor: Jérôme François
Submitted on: Tuesday, September 25, 2012 - 8:49:20 AM
Last modification on: Monday, November 30, 2020 - 10:26:02 PM
Long-term archiving on: Friday, December 16, 2016 - 4:05:29 PM

File

safem.pdf
Files produced by the author(s)

Citation

Jérôme François, Cynthia Wagner, Radu State, Thomas Engel. SAFEM: Scalable analysis of flows with entropic measures and SVM. Network Operations and Management Symposium, Apr 2012, Lahaina, United States. pp.510-513, ⟨10.1109/NOMS.2012.6211943⟩. ⟨hal-00734967⟩
